The vulnerability CVE-2026-27025 affects pypdf, a widely used open-source pure-Python library for PDF processing. The issue arises from excessive iteration (CWE-834) when parsing the /ToUnicode entry of font objects within a PDF. An attacker can craft a PDF file with unusually large or complex /ToUnicode mappings, which causes the pypdf library to consume excessive CPU time and memory during text extraction operations. This leads to performance degradation and potential denial of service (DoS) on systems processing such PDFs. The flaw does not require any authentication, user interaction, or elevated privileges to exploit, but the attacker must supply the malicious PDF to the target environment. The vulnerability was addressed and fixed in pypdf version 6.7.1. The CVSS v4.0 base score is 6.9 (medium severity), reflecting local attack vector, low attack complexity, no privileges or user interaction required, and high impact on availability. No known exploits have been reported in the wild as of now.

Organizations using pypdf versions prior to 6.7.1 are at risk of denial of service attacks if they process untrusted or malicious PDF files. This can affect applications performing automated PDF text extraction, indexing, or analysis, potentially causing service outages or degraded performance due to resource exhaustion. The impact is primarily on availability, with no direct confidentiality or integrity compromise reported. Systems that automatically ingest PDFs from external sources, such as document management systems, email gateways, or web applications, are particularly vulnerable. The resource exhaustion could lead to crashes or slowdowns, affecting business continuity and user experience. While no exploits are known in the wild, the ease of crafting malicious PDFs and the lack of required privileges make this a credible threat, especially in environments processing large volumes of PDFs.

The primary mitigation is to upgrade all pypdf library instances to version 6.7.1 or later, where the vulnerability is fixed. Organizations should audit their software dependencies to identify and update vulnerable versions. Additionally, implement strict input validation and sandboxing for PDF processing workflows to isolate potential resource exhaustion. Rate-limit or quarantine PDF files from untrusted or external sources before processing. Employ monitoring to detect unusual CPU or memory usage spikes during PDF handling. Where possible, use alternative PDF processing libraries with robust parsing and resource controls. Finally, maintain an inventory of applications and services using pypdf to ensure timely patching and reduce attack surface.